| Field | Value |
|---|---|
| ID | 0001973 |
| Category | [Piwigo] security |
| Severity | minor |
| Reproducibility | have not tried |
| Date Submitted | 2010.10.29 23:45 |
| Last Update | 2010.10.30 00:37 |
| Reporter | plg |
| View Status | public |
| Assigned To | plg |
| Priority | normal |
| Resolution | fixed |
| Status | closed |
| Projection | none |
| ETA | none |
| Fixed in Version | 2.1.4 |
| Product Version | 2.1.3 |
| Target Version | 2.1.4 |
| Summary | 0001973: [comments.php] SQL query on error (and displayed) when category id is unknown |
Description

On comments.php, the category id is passed as a $_GET parameter. If the visitor supplies a category id that does not exist, Piwigo generates an SQL syntax error and displays the failing SQL query. This is not a vulnerability, but the SQL syntax error should be avoided when we already know the category does not exist.
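As an added illustration (not Piwigo's code and not the r7487 change itself), the two functions below contrast the failure the report describes with a version that checks the category first. The assumed mechanism is that an unknown id yields an empty id list, so the generated `IN ()` clause is a syntax error and a debug handler echoes the query; the `$db` PDO handle (in `ERRMODE_EXCEPTION`), the `categories`/`image_category`/`comments` tables and the `id_uppercat` column are assumptions, not Piwigo's schema.

```php
<?php
// Added example, not Piwigo's code. Assumes a PDO handle in ERRMODE_EXCEPTION and
// tables `categories` (id, id_uppercat), `image_category` (image_id, category_id)
// and `comments` (id, image_id, author, content); all names are assumed.
// Category plus its direct children; returns [] when $cat matches nothing.
function find_subcategory_ids(PDO $db, string $cat): array
{
    $st = $db->prepare('SELECT id FROM categories WHERE id = ? OR id_uppercat = ?');
    $st->execute([$cat, $cat]);
    return array_map('intval', $st->fetchAll(PDO::FETCH_COLUMN));
}
// Buggy pattern (assumed mechanism): an unknown id gives an empty list, the SQL
// becomes "... category_id IN ()", the database raises a syntax error, and the
// handler echoes the failing query to the visitor.
function comments_for_category_buggy(PDO $db, array $get): array
{
    $ids = find_subcategory_ids($db, $get['cat'] ?? '');
    $sql = 'SELECT c.id, c.author, c.content FROM comments c'
         . ' JOIN image_category ic ON ic.image_id = c.image_id'
         . ' WHERE ic.category_id IN (' . implode(',', $ids) . ')';
    try {
        return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        die('SQL error: ' . $e->getMessage() . "\nQuery: " . $sql); // discloses the query
    }
}
// Hardened pattern: validate the id, stop early when the category is unknown,
// bind the ids, and log (never display) any remaining database error.
function comments_for_category(PDO $db, array $get): ?array
{
    $cat = filter_var($get['cat'] ?? '', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($cat === false) return null;          // not a positive integer: caller shows "unknown category"
    $ids = find_subcategory_ids($db, (string) $cat);
    if ($ids === []) return null;             // unknown id: no query is built at all
    $marks = implode(',', array_fill(0, count($ids), '?'));
    $st = $db->prepare('SELECT c.id, c.author, c.content FROM comments c'
        . ' JOIN image_category ic ON ic.image_id = c.image_id'
        . " WHERE ic.category_id IN ($marks)");
    try {
        $st->execute($ids);
        return $st->fetchAll(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        error_log('comments query failed: ' . $e->getMessage()); // server-side only
        return null;
    }
}
```

The hardened version also keeps the query text out of the HTTP response, which is the part of the report worth treating as information disclosure even though the reporter classes the bug as minor.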
| Field | Value |
|---|---|
| Steps To Reproduce | |
| Additional Information | |
| Tags | No tags attached. |
| browser | any |
| Database engine and version | |
| PHP version | |
| Web server | Apache 1.3.x |
| Attached Files | |
Notes
(0004410) svn (reporter) 2010.10.30 00:33

[Subversion] r7487 by plg on branch 2.1 -----[Subversion commit log]----- bug 1973 fixed: avoid SQL syntax error if the category id given in the URL is unknown.
(0004411) svn (reporter) 2010.10.30 00:34

[Subversion] r7488 by plg on trunk -----[Subversion commit log]----- merge r7487 from branch 2.1 to trunk; bug 1973 fixed: avoid SQL syntax error if the category id given in the URL is unknown.